General
Target
2ec0872bb8cf5985b8bc64c1d15e6710f2c42a609682cd43fb52254fdb778d58
Size
1.2MB
Sample
210624-jdtkgl1tya
MD5
3c9a8dad5221e0cc3755e252811a722e
SHA1
407edc8a0289a72326006013eafe663cbad12bb1
SHA256
2ec0872bb8cf5985b8bc64c1d15e6710f2c42a609682cd43fb52254fdb778d58
SHA512
fc496808fc20720fef1662685dab5862cb9092b38d2a88f4749b7e6502d22b0840b9c6280a20ae1ba312ce7aa37bb993d5dfc00b3453b1ed59415bd69cfb7b3a
Static task
static1
Malware Config
Extracted
lokibot
Targets
Target
FACTURAS.EXE
Size
743KB
MD5
dec50d35699429ddcba5874277455f92
SHA1
a3b0ec9a1df69019bcc31557475b94b9cc2e39a2
SHA256
0fb28c106093876aa073dc06d84fdf14c4d01f655e5a5c78e377f60321fa7665
SHA512
11dd4e61b7141798e166b985674bcbfd0294b38c081a2667305f8d46fc9c2a7d031d228cf5ba3c7c8698c92d6a349b862b4d1e386ac746bcd00c9ebe47bce9be
Suspicious use of SetThreadContext